Fix adding same SNAT rule endless to the ipv4 POSTROUTING chain

data/Dockerfiles/netfilter/server.py

@@ -346,6 +346,8 @@ def snat4(snat_target):
     rule.dst = '!' + rule.src
     target = rule.create_target("SNAT")
     target.to_source = snat_target
+    match = rule.create_match("comment")
+    match.comment = f'{int(round(time.time()))}'
     return rule
 
   while not quit_now:
@@ -356,16 +358,23 @@ def snat4(snat_target):
         table.refresh()
         chain = iptc.Chain(table, 'POSTROUTING')
         table.autocommit = False
-        if get_snat4_rule() not in chain.rules:
+        new_rule = get_snat4_rule()
-          logCrit('Added POSTROUTING rule for source network %s to SNAT target %s' % (get_snat4_rule().src, snat_target))
+        for position, rule in enumerate(chain.rules):
-          chain.insert_rule(get_snat4_rule())
+          match = all((
-          table.commit()
+            new_rule.get_src() == rule.get_src(),
-        else:
+            new_rule.get_dst() == rule.get_dst(),
-          for position, item in enumerate(chain.rules):
+            new_rule.target.parameters == rule.target.parameters,
-            if item == get_snat4_rule():
+            new_rule.target.name == rule.target.name
-              if position != 0:
+          ))
-                chain.delete_rule(get_snat4_rule())
+          if position == 0:
-          table.commit()
+            if not match:
+              logInfo(f'Added POSTROUTING rule for source network {new_rule.src} to SNAT target {snat_target}')
+              chain.insert_rule(new_rule)
+          else:
+            if match:
+              logInfo(f'Remove rule for source network {new_rule.src} to SNAT target {snat_target} from POSTROUTING chain at position {position}')
+              chain.delete_rule(rule)
+        table.commit()
         table.autocommit = True
       except:
         print('Error running SNAT4, retrying...')